
Add a demo script

Signed-off-by: Max Smythe <smythe@google.com>
maxsmythe authored and ritazh committed Apr 17, 2019
1 parent d2b5f06 commit 7737638b72a041a1a67f4e4406df49f30524fadb
@@ -60,10 +60,10 @@ spec:
resources:
limits:
cpu: 100m
memory: 30Mi
memory: 512Mi
requests:
cpu: 100m
memory: 20Mi
memory: 256Mi
ports:
- containerPort: 9876
name: webhook-server
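Review bot: The memory limit and request under `resources:` go from 30Mi/20Mi to 512Mi/256Mi, and the commit message ("Add a demo script") says nothing about it. Either move this into its own commit or add a line to the message explaining why the webhook container needs the extra memory, so a roughly 17x increase in the limit is not buried in a demo change.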
@@ -0,0 +1,11 @@
apiVersion: constraints.gatekeeper.sh/v1alpha1
kind: K8sUniqueLabel
metadata:
name: ns-gk-label-unique
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Namespace"]
parameters:
label: gatekeeper
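Review bot: This constraint depends on Namespaces being replicated into `data.inventory`, and nothing in the file says so. The K8sUniqueLabel template added in this commit compares the incoming object only against `data.inventory.cluster` and `data.inventory.namespace`, so if the sync config that the demo applies first (`sync.yaml`) is missing, the inventory is empty and every duplicate is admitted without any error. A short comment above `match:` naming that prerequisite would make the failure mode visible to anyone copying this file on its own.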
@@ -8,4 +8,4 @@ spec:
- apiGroups: [""]
kinds: ["Namespace"]
parameters:
labels: ["gatekeeper"]
labels: ["gatekeeper"]
@@ -0,0 +1,50 @@
#!/bin/bash

. ../third_party/demo-magic/demo-magic.sh

clear

pe "kubectl apply -f sync.yaml"

pe "kubectl create ns no-label"

pe "cat k8srequiredlabels_template.yaml"

pe "kubectl apply -f k8srequiredlabels_template.yaml"

pe "cat all_ns_must_have_gatekeeper.yaml"

pe "kubectl apply -f all_ns_must_have_gatekeeper.yaml"

pe "kubectl apply -f bad_ns.yaml"

pe "cat good_ns.yaml"

pe "kubectl apply -f good_ns.yaml"

pe "cat k8suniquelabels_template.yaml"

pe "kubectl apply -f k8suniquelabels_template.yaml"

pe "kubectl apply -f all_ns_gatekeeper_label_unique.yaml"

pe "cat no_dupe_ns.yaml"

pe "kubectl apply -f no_dupe_ns.yaml"

pe "cat no_dupe_ns_2.yaml"

pe "kubectl apply -f no_dupe_ns_2.yaml"

pe "kubectl get k8srequiredlabels ns-must-have-gk -o yaml"

p "THE END"

kubectl delete -f all_ns_gatekeeper_label_unique.yaml
kubectl delete -f all_ns_must_have_gatekeeper.yaml
kubectl delete -f k8suniquelabels_template.yaml
kubectl delete -f k8srequiredlabels_template.yaml
kubectl delete -f no_dupe_ns.yaml
kubectl delete -f good_ns.yaml
kubectl delete ns no-label

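Review bot: The cleanup at the end (the bare `kubectl delete` lines after `p "THE END"`) only runs if the presenter steps through every prompt, and it never removes what `kubectl apply -f sync.yaml` created at the top. Moving the deletes into a function registered with `trap cleanup EXIT`, and adding `kubectl delete -f sync.yaml` to it, would leave the cluster without stray constraints after an interrupted run. The script also sources `../third_party/demo-magic/demo-magic.sh` by relative path, so it works only when started from its own directory; a `cd "$(dirname "$0")"` before the source line removes that dependency.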
@@ -0,0 +1,58 @@
apiVersion: templates.gatekeeper.sh/v1alpha1
kind: ConstraintTemplate
metadata:
name: k8suniquelabels
spec:
crd:
spec:
names:
kind: K8sUniqueLabel
listKind: K8sUniqueLabelList
plural: k8suniquelabels
singular: k8suniquelabel
validation:
# Schema for the `parameters` field
openAPIV3Schema:
properties:
label:
type: string
targets:
- target: admission.k8s.gatekeeper.sh
rego: |
package k8suniquelabel
make_apiversion(kind) = apiVersion {
g := kind.group
v := kind.version
g != ""
apiVersion = sprintf("%v/%v", [g, v])
}
make_apiversion(kind) = apiVersion {
kind.group == ""
apiVersion = kind.version
}
identical_namespace(obj, review) {
obj.metadata.namespace == review.namespace
obj.metadata.name == review.name
obj.kind == review.kind.kind
obj.apiVersion == make_apiversion(review.kind)
}
identical_cluster(obj, review) {
obj.metadata.name == review.name
obj.kind == review.kind.kind
obj.apiVersion == make_apiversion(review.kind)
}
deny[{"msg": msg, "details": {"value": val, "label": label}}] {
label := input.constraint.spec.parameters.label
val := input.review.object.metadata.labels[label]
cluster_objs := [o | o = data.inventory.cluster[_][_][_]; not identical_cluster(o, input.review)]
ns_objs := [o | o = data.inventory.namespace[_][_][_][_]; not identical_namespace(o, input.review)]
all_objs := array.concat(cluster_objs, ns_objs)
all_values := {val | obj = all_objs[_]; val = obj.metadata.labels[label]}
count({val} - all_values) == 0
msg := sprintf("label %v has duplicate value %v", [label, val])
}
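Review bot: In `deny`, the set comprehension that builds `all_values` reuses the name `val`, which is already bound earlier in the same rule by `val := input.review.object.metadata.labels[label]`. Inside the comprehension `val = obj.metadata.labels[label]` therefore acts as a comparison against the incoming object's value rather than collecting every value, so `all_values` can only be empty or `{val}` and its name is misleading. The rule still denies duplicates, but the intent would be clearer with a differently named variable in the comprehension, or with the last three conditions replaced by a direct check such as `all_objs[_].metadata.labels[label] == val`.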
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: no-dupes
labels:
"gatekeeper": "not_duplicated"
@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: no-dupes-2
labels:
"gatekeeper": "not_duplicated"
@@ -0,0 +1,16 @@
# http://editorconfig.org
root = true

[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

[*.md]
trim_trailing_whitespace = false

[*.mdown]
trim_trailing_whitespace = false
@@ -0,0 +1,2 @@
.DS_Store
Thumbs.db
@@ -0,0 +1,148 @@
# Demo Magic

demo-magic.sh is a handy shell script that enables you to script repeatable demos in a bash environment so you don't have to type as you present. Rather than trying to type commands when presenting you simply script them and let demo-magic.sh run them for you.

## Features
- Simulates typing. It looks like you are actually typing out commands
- Allows you to actually run commands or pretend to do so.
- Can hide commands from presentation. Useful for behind the scenes stuff that doesn't need to be shown.

## Functions

### pe
Print and Execute. This function will simulate typing whatever you give it. It will then pause until you press <kbd>ENTER</kbd>. After your keypress it will run the command.

```bash
#!/bin/bash
pe "ls -l"
```

### p
Print only. This function will simulate typing whatever you give it. It will not run the command. After typing it will pause until you press <kbd>ENTER</kbd>. After your keypress it will move on to the next instruction in your script.

```bash
#!/bin/bash
p "ls -l"
```

### wait
Waits for the user to press <kbd>ENTER</kbd>.

If `PROMPT_TIMEOUT` is defined and > 0 the demo will automatically proceed after the amount of seconds has passed.

```bash
#!/bin/bash
# Will wait until user presses enter
PROMPT_TIMEOUT=0
wait
# Will wait max 5 seconds until user presses
PROMPT_TIMEOUT=5
wait
```

### cmd
Enters script into interactive mode and allows newly typed commands to be executed within the script
```
#!/bin/bash
cmd
```

## Getting Started
Create a shell script and include demo-magic.sh

```bash
#!/bin/bash
########################
# include the magic
########################
. demo-magic.sh
# hide the evidence
clear
# Put your stuff here
```

Then use the handy functions to run through your demo.

## Command line usage
demo-magic.sh exposes 3 options out of the box to your script.
- `-d` - disable simulated typing. Useful for debugging
- `-h` - prints the usage text
- `-n` - set no default waiting after `p` and `pe` functions
- `-w` - set no wait timeout after `p` and `pe` functions

```bash
$ ./my-demo.sh -h
Usage: ./my-demo.sh [options]
Where options is one or more of:
-h Prints Help text
-d Debug mode. Disables simulated typing
-n No wait
-w Waits max the given amount of seconds before proceeding with demo (e.g. `-w5`)
```

## Useful Tricks

### Faking network connections
Network connections during demos are often unreliable. Try and fake whatever commands would rely on a network connection. For example: Instead of trying to install node modules in a node.js application you can fake it. You can install the node_modules at home on your decent network. Then rename the directory and pretend to install it later by symlinking. If you want to be thorough you can capture the output of npm install into a log file then cat it out later to simulate the install.

```bash
#!/bin/bash
########################
# include the magic
########################
. demo-magic.sh
# hide the evidence
clear
# this command is typed and executed
pe "cd my-app"
# this command is merely typed. Not executed
p "npm install"
# this command runs behind the scenes
ln -s cached_node_modules node_modules
# cat out a log file that captures a previous successful node modules install
cat node-modules-install.log
# now type and run the command to start your app
pe "node index.js"
```

### No waiting
The -n _no wait_ option can be useful if you want to print and execute multiple commands.

```bash
# include demo-magic
. demo-magic.sh -n
# add multiple commands
pe 'git status'
pe 'git log --oneline --decorate -n 20'
```

However this will oblige you to define your waiting points manually e.g.
```bash
...
# define waiting points
pe 'git status'
pe 'git log --oneline --decorate -n 20'
wait
pe 'git pull'
pe 'git log --oneline --decorate -n 20'
wait
```

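Review bot: The function documented under "### wait" takes the name of the shell builtin `wait`, so any script that sources demo-magic.sh (including the demo script added in this commit) can no longer wait on background jobs under that name without calling `builtin wait`. That is worth a comment next to the source line in the demo script, since this README does not mention it. The "Command line usage" section also says the script "exposes 3 options" and then lists four (`-d`, `-h`, `-n`, `-w`); as this is a vendored file, that is best fixed upstream rather than in this copy.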